SQL Injection Remote Code Execution Vulnerability 

(CVE-2023-40056)

Summary

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.

Affected Products

SolarWinds Platform 2023.4.1 and previous versions.

Fixed Software Release

SolarWinds Platform 2023.4.2

Acknowledgments

Alex Birnberg working with Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

First Published

11/28/2023